[Encosia]

Maintaining a self-hosted WordPress installation is awfully easy since they added the one-click updating for plugins and WordPress itself. I agree that a neglected WordPress install is a liability, but it takes negligible effort to keep later versions of it running smoothly. Even "normals" can handle clicking an update button once in a while when they log into their dashboard to check comments, stats, etc.

[grantheaslip]

But "normals" just aren't always going to do that. If Wordpress installations automatically updated without any user intervention, then maybe it would be better, but I still think it's dangerous to get non-geek friends to use a self-hosted Wordpress unless they really understand server administration—not just following an installation guide, but how permissions work, how to back up databases, how to properly vet add-ons, etc.

Plus, a lot of the Wordpress exploits have been zero-day. Even if they are checking their Wordpress dashboard every day, or even every week (and that's probably not a good assumption to make), their installation could be silently compromised before an update was even available.

I think geeks tend to assume that regular people understand and care about even the most basic (by our estimation) best practices. You could argue that that's their fault, not ours, but I think there's a certain lack of pragmatism involved in thinking that regular users can responsibly administer a Wordpress install. I'm sure contrary examples exist, but there's a lot of horror stories as well.

[jasonlbaptiste]

It is pretty easy, but publishing is divided into two areas:

Personal publishing where wordpress.com (and posterous, tumblr,etc.) are the best use case.

Professional publishing where Wordpress self installs are the best.